DETAILED ACTION

1. This action is in response to communication: RCE filed 02/08/2008

2. Claims 1-7 and 14-23 are currently pending in this application. Claims 1 and 14 
are independent claims. Claims 8-13 have been cancelled. 

3. No IDS was received for this application. 

4. Receipt is acknowledged of a request for continued examination under 37 CFR
1.114, including the fee set forth in 37 CFR 1.17(e) and a submission, filed on
02/08/2008.



Response to Arguments 

5. Applicant's arguments filed 02/08/2008 have been fully considered but they are 
not persuasive. 

6. The appellants have argued that Landry does not teach sending a modulated
signal from the smart card to the IVR server. However, this is indeed taught by Landry.
Landry teaches in col. 5 lines 9-12 that all interactions are accomplished via an IVR
server when the telephone is not an ADSI unit. Further, col. 6 lines 1-27 teaches the
smart card reader sending a modulated signal, as shown in the rejection below. Further, more
details of modulation are shown in col. 7 lines 7-49. Multiple types of modulation are
shown in this section. The first, second, and third options are all examples of
modulation. Even further, the appellant points to 3 part d of the invention (col. 10 line
23) of Landry to show that communications are sent directly from the card reader to the
authentication server. However, 3 d) is not applicable, as this occurs only when it is in
communication with an ADSI telephone. Although the Examiner uses this passage to
point to the card reader reading the information out of a credit card, this process is the
same with or without the ADSI part. Again, as shown in col. 6, the IVR server is used
when an ADSI telephone is NOT used.

7. As the applicant argues, information is sent from the card reader through a
modem. Applicant is reminded that modem stands for MOdulator/DEModulator.
Information sent through a modem is modulated, and then demodulated. Sending
modulated signals and demodulating signals is very well known in the art, and it is
indeed inherent, especially in a system such as this. Modulation/demodulation is an
inherent property of modems, as a modem is defined as a unit which modulates and
demodulates signals. If information is not demodulated, a computer will receive some
type of data, but it cannot be read.

Claim Rejections - 35 USC § 103 

8. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1, 14, and 23 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Landry et al. US Patent No. 6,687,350 (hereinafter Landry), in view of Kia et al. US
Patent No. 6,404,870 (hereinafter Kia).

As per claim 1, Landry teaches a method for a second operation of
authenticating a user and securing an online transaction over a telephone, comprising:
providing a card reader connecting a smart card to a telephone (col. 2 lines 25-30);
transmitting from the smart card at least an identification sequence for the user to an
IVR server connected to a telephone line in the form of a modulated signal (col. 10 lines
25-30; col. 5 lines 1-22; col. 6 lines 5-29; Figures 2, 3); demodulating the identification
sequence at the IVR server (it is inherent that the signal is demodulated, as a
modulated signal must be demodulated in order for the data to be useful and
processed; this also occurs at the IVR server (col. 5 lines 1-10)). However, at the time of
the invention, Landry does not explicitly teach authenticating the user and the
transaction at an application server receiving the demodulated identification sequence
from the IVR server over a communication network wherein data processing required
for generating, transmitting, and authenticating the user occur without data processing
assistance from the card reader. This is taught in Kia, though, such as in col. 4 lines
29-36. Also, as taught in Landry, authentication and data processing are controlled by an
application server, and the smart card reader is all being controlled by the server, which
just relays information and acts as a gateway, as can be seen in col. 3 lines 30-50. As
can be seen in Kia, the IVR in the gateway receives information and forwards it to the
authentication server to process.

At the time of the invention, it would have been obvious to one of ordinary skill in 
the art to combine the references of Kia with Landry. One of ordinary skill in the art 
would have been motivated to perform such an addition to be able to improve 
authentication systems. This is taught by Kia in col. 1 line 60 to col. 2 line 5, wherein it
recites "thus, the need remains for improving the scalability and reliability of the 
authorization based telephone system." 

Claim 14 is rejected using the same basis of arguments used to reject claim 1 
above. A card reader connected to a telephone is taught throughout the reference, 
such as in Landry Figure 1a and 1b. It is inherent that a telephone is connected to a 
telephone line. An IVR server connected to the telephone line is taught throughout the 
reference, such as in Figures 1, 2, 3, and col. 5 lines 1-12.

As per claim 23, Landry teaches wherein the card reader is further integrated into 
the telephone handset (col. 2 lines 45-68). 

9. Claims 2-3 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Landry and Kia as applied above, and further in view of Chang et al. US Patent No. 
6,715,082 (hereinafter Chang). 

As per claim 2, Landry teaches a credit card number in col. 1 lines 25-29, which 
is a unique number. However, Landry and Brown do not explicitly teach the use of one 
time keys on a smart card. These are well known in the art, as can be seen in Chang 
col. 2 lines 10-25.

At the time of the invention, it would have been obvious to include random
one-time keys to be stored on smart cards. One of ordinary skill in the art would have been
motivated to perform such an addition to increase security. This is taught by Chang in 
col. 2 lines 11-15. 

As per claim 3, the one-time password taught by Chang in col. 2 lines 10-25 is a 
key used in a session. It is taught in Chang that this one time password/key is not 
transmitted to an authentication server, as it is only transmitted to an access server. 

Claim 15 is rejected using the same basis of arguments used to reject claim 2
above.

Claim 16 is rejected using the same basis of arguments used to reject claim 3
above.

10. Claims 4 and 17 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Landry, Kia, and Chang as applied above, and further in view of Brinkmeyer et al. US 
Patent No. 5,619,573 (hereinafter Brink). 

As per claim 4, as best understood by the Examiner, the Landry combination 
does not explicitly teach wherein the session key is a function of a previous key. 
However, this is taught by Brink, such as in col. 3 lines 60 to col. 4 line 25. This would 
be inherently known by an authentication server, as the authentication server needs to 
know the key in order to verify if it was valid or not. 

At the time of the invention, it would have been obvious to one of ordinary skill in
the art to include using a previously known key. One of ordinary skill in the art would 
have been motivated to perform such an addition to create more security. As they are 
one way functions, it would be extremely difficult to determine the previous keys unless 
they were known. By using previous keys, it would increase security, as it would almost 
guarantee that the key was actually known by the user and the authentication server, 
and not a malicious middle man. 

Claim 17 is rejected using the same basis of arguments used to reject claim 14
above.

11. Claims 5-7 and 18-20 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Landry, Kia, Chang, and Brink as applied above, and further in view of Bruce
Schneier's Applied Cryptography, 2nd Edition (1997), (hereinafter Schneier).

As per claims 5-7, as best understood by the Examiner, the claims recite the use 
of encryption keys, decryption, one-way functions and authentication. These are well 
known in the art, as taught throughout Schneier, such as in pages 28-42. PIN codes are
taught throughout Landry and Kia, and it would be obvious to encrypt PINs, because
a PIN contains sensitive information, which should never be sent in the clear. Further, it
is common practice that authentication is valid if a PIN matches a PIN stored in a
database (that's how PINs or passwords work). Further, databases holding security
information are taught throughout Kia, such as in col. 2 lines 14-20 and in col. 3 lines
15-24 and col. 4 lines 29-37.

At the time of the invention, it would have been obvious to combine the teachings 
of Schneier with the Landry combination. One of ordinary skill in the art would have 
been motivated to perform such an addition to be able to provide a secure system. The 
Landry combination is already directed to secure online transactions, and Schneier 
teaches the details of this. 

Claims 18-20, as best understood by the Examiner, are rejected using the same
basis of arguments used to reject claims 5-7 above.

12. Claims 21-22 are rejected under 35 U.S.C. 103(a) as being obvious over Landry
and Kia as applied above.

As per claim 21, the claim recites wherein the smart card is powered by the
voltage provided by the telephone line. It is well known in the art that telephones are 
powered by the power flowing from telephone lines. Since the Smart Card reader is 
attached to the telephone, as taught in Landry, it would have been obvious to power a 
smart card that is connected to the phone using the voltage provided by the phone, as 
this would reduce the number of additional power sources and voltage lines. Further, Landry
teaches that the smart card may be powered by the telephone set, in col. 7 lines 50-54. 
As already discussed, many phones are powered by the telephone lines. 

As per claim 22, it is inherent that a smart card would transmit signals via
contacts. Although the Landry combination does not explicitly teach ISO contacts, it
would have been obvious to do so, if not inherent. As Landry already teaches utilizing
contacts, it would have been obvious to utilize ISO contacts, as ISO contacts are well
known in the art and used throughout industry. It would have been obvious to incorporate
ISO contacts for ease of use.

Conclusion 

13. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to JASON K. GEE whose telephone number is
(571) 272-6431. The examiner can normally be reached on M-F, 7:00 am to 4:30 pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand, can be reached on (571) 272-3811. The fax phone number
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

Jason Gee
Patent Examiner 
Technology Center 2100 
05/13/2008 



/Benjamin E Lanier/ 

Primary Examiner, Art Unit 2132 



